nostr-crypto-guide

Fail

Audited by Snyk on Mar 7, 2026

Risk Level: HIGH

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs interacting with public Nostr relays and processing user-generated events (e.g., "Send wrap to recipient's relays" in the NIP-59 flow and kind:24133 request/response via relays in NIP-46), meaning the agent will ingest untrusted third-party relay content (events) that can directly influence actions like decrypting payloads or invoking signing methods.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I flagged real, usable credentials because the doc includes high-entropy secret material (not placeholders or obvious examples):
    • NIP-06 test vector:
      • mnemonic: "leader monkey parrot ring guide accident before fence cannon height naive bean" — a 12-word BIP39 mnemonic that can derive keys.
      • privkey: 7f7ff03d123792d6ac594bfa67bf6d0c0ab55b6b1fdb6249303fe861f1ccba9a — a 32-byte private key in hex.
      • nsec: nsec10allq0gjx7fddtzef0ax00mdps9t2kmtrldkyjfs8l5xruwvh2dq0lhhkp — a bech32-encoded Nostr secret key. These are high-entropy, directly usable secrets (mnemonic or private key / nsec).
    • NIP-49 test vector:
      • ncryptsec bech32: ncryptsec1qgg99... (long bech32 string) — an encoded encrypted private key.
      • password: "nostr" and privkey: 35014541... (hex) are provided alongside the ncryptsec string. Although "nostr" is a low-entropy password, combined with the provided bech32 ciphertext and privkey test vector this material constitutes a concrete test-vector leak that reveals a private key in the document.

I did NOT flag placeholders or names (none of the known ignore patterns like YOUR_API_KEY, sk-xxxx, etc. are present). Public identifiers (npub, pubkey) are not secrets and were not considered sensitive.

Audit Metadata

Analyzed: Mar 7, 2026, 11:09 PM